On 2/10/16 11:01 PM, Chris Wright wrote:
On Wed, 10 Feb 2016 22:39:20 -0500, Steven Schveighoffer wrote:
I think casting a mutable array to any array type is a recipe for memory
issues, no matter what is in the elements. Remember that you are casting
a reference that still has a mutable
On Fri, 12 Feb 2016 08:45:54 -0500, Steven Schveighoffer wrote:
> A cast to const may be viable.
Touché.
> However, I think casting in safe code is
> probably not something to allow.
*All* casting?
Casting between primitive value types (eg long -> int) is @safe. You
can't get memory errors
On 2/12/16 12:15 PM, Chris Wright wrote:
Casting between primitive value types (eg long -> int) is @safe. You
can't get memory errors that way, and the conversions are well-defined.
Casting between object references is @safe (assuming the object
references are valid; @safe doesn't protect you
On Fri, 12 Feb 2016 14:32:32 -0500, Steven Schveighoffer wrote:
> what I'm trying to say safe shouldn't allow is reinterpret casting.
> i.e.: *cast(T*)()
>
> So casting IMO shouldn't be allowed unless it invokes some kind of
> handler that ensures the conversion is safe.
>
> I'd include in this
On Wed, 10 Feb 2016 08:49:21 +, w0rp wrote:
> I think this should be addressed, as if you can't cast between pointer
> types, you shouldn't be allowed to cast between slice types either.
> Because slices are just a pointer plus a length. Another way to
> demonstrate the problem is like this.
On Wednesday, 10 February 2016 at 20:14:29 UTC, Chris Wright
wrote:
Show a way to read or write outside allocated memory with this,
or to cause a segmentation fault, and that will require a
change in @safe. You're looking for something else, data safety
rather than memory safety. You want to
On Wednesday, 10 February 2016 at 20:14:29 UTC, Chris Wright
wrote:
@safe protects you from segmentation faults and reading and
writing outside an allocated segment of memory. With array
casts, @safety is assured
Yes, @safe protects from direct cast to/from ref types but there
still is a
On Wed, 10 Feb 2016 21:40:21 +, Iakh wrote:
> On Wednesday, 10 February 2016 at 20:14:29 UTC, Chris Wright wrote:
>> @safe protects you from segmentation faults and reading and writing
>> outside an allocated segment of memory. With array casts, @safety is
>> assured
>
> Yes, @safe protects
On Wed, 10 Feb 2016 22:49:33 +, Chris Wright wrote:
> It should always be safe to cast from void[] to immutable(T)[] where T
> doesn't contain pointers.
>
> I didn't see a bug for this, so I'm filing it.
Filed https://issues.dlang.org/show_bug.cgi?id=15672
Yeah, I think it should only allow the equivalent of a
dynamic_cast for types in @safe code, and not allow the
equivalent of a reinterpret_cast, for T, T*, or T[].
On Wed, 10 Feb 2016 22:39:20 -0500, Steven Schveighoffer wrote:
> I think casting a mutable array to any array type is a recipe for memory
> issues, no matter what is in the elements. Remember that you are casting
> a reference that still has a mutable pointer to it.
>
> @safe should start from
On 2/10/16 5:49 PM, Chris Wright wrote:
On Wed, 10 Feb 2016 21:40:21 +, Iakh wrote:
On Wednesday, 10 February 2016 at 20:14:29 UTC, Chris Wright wrote:
@safe protects you from segmentation faults and reading and writing
outside an allocated segment of memory. With array casts, @safety is
On Wednesday, 10 February 2016 at 08:49:21 UTC, w0rp wrote:
I think this should be addressed, as if you can't cast between
pointer types, you shouldn't be allowed to cast between slice
types either. Because slices are just a pointer plus a length.
Another way to demonstrate the problem is like
On Tuesday, 9 February 2016 at 21:20:53 UTC, Iakh wrote:
https://dlang.org/spec/function.html#function-safety
Current definition of safety doesn't mention cast of arrays.
E.g this code allowed by DMD
int[] f(void[] a) @safe pure
{
return cast(int[])a;
}
But same void* to int* cast is
On Wednesday, 10 February 2016 at 08:49:21 UTC, w0rp wrote:
On Tuesday, 9 February 2016 at 21:20:53 UTC, Iakh wrote:
https://dlang.org/spec/function.html#function-safety
Current definition of safety doesn't mention cast of arrays.
I think this should be addressed, as if you can't cast between
https://dlang.org/spec/function.html#function-safety
Current definition of safety doesn't mention cast of arrays.
E.g this code allowed by DMD
int[] f(void[] a) @safe pure
{
return cast(int[])a;
}
But same void* to int* cast is forbidden.
So we need some rules for dynamic arrays casting.
16 matches
Mail list logo
